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Program  Metrics 

Building  on  the  work  described  in  [Basili  and  Reiter  81] 
which  was  awarded  the  IEEE  Transactions  on  Software  Engineering 
Best  Paper  Award,  we  developed  a  family  of  structural  complexity 
metrics  which  considered  such  factors  as  size,  nesting  level,  and 
type  of  control  structure.  The  number  of  program  changes  made 
during  development  were  counted  on  a  per  segment  (procedure  or 
function)  basis.  The  relationships  between  program  changes  and 
some  members  of  the  structural  complexity  family  were  investi¬ 
gated.  The  investigation  provides  further  evidence  that  a  dis¬ 
ciplined  team  approach  aids  program  development  [Basili  and 
Hutchens  1983]. 

We  have  also  used  multiple  regression  analysis  to  determine 
if  other  types  of  metrics  could  be  used  ir;  conjunction  with  the 
syntactic  metrics  to  achieve  a  better  model.  The  data  metrics 
considered  included  average  live  variables  per  statement,  number 
of  input/output  parameters,  number  of  data  bindings,  and  number 
of  unique  operands.  We  found  that  the  addition  of  data  metrics 
made  minimal  improvements  in  the  statistical  model.  The  syntac¬ 
tic  metric  is  the  single  most  important  factor,  followed  by 
several  of  the  team  category  variables. 

We  have  investigated  the  use  of  cluster  analysis  in  conjunc¬ 
tion  with  data  metrics  as  a  means  of  determining  the  modulariza¬ 
tion  of  systems  with  respect  to  data  hiding.  The  small  size  of 
the  projects  studied  makes  analysis  of  modularization  difficult 
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to  interpret,  but  we  noticed  some  interesting  phenomena.  In  par¬ 
ticular,  programs  which  use  data  hiding  techniques  have  a  clus¬ 
tering  which  is  clearly  different  from  those  that  do  not. 

We  have  also  used  this  technique  on  production  software. 
Preliminary  results  of  this  study  were  reported  at  a  workshop  on 
Software  Performance  Evaluation  [Basili  and  Hutchens  1982]. 
These  studies  show  that  the  clustering  for  at  least  one  type  of 
production  software  gives  a  reasonable  modularization  of  the  sys¬ 
tem.  The  modularization  is  similar  to  the  functional  modulariza¬ 
tion  used  by  the  developers  and  described  in  the  system  documen¬ 
tation. 

An  algorithm  for  decomposing  programs  into  their  prime  sub¬ 
components  and  a  method  for  using  this  decomposition  as  the  basis 
of  a  program  metric  is  described  in  [Gannon  et  al.  83].  A  tool 
implementing  the  algorithm  was  developed  and  used  to  analyze  a 
set  of  commercial  FORTRAN  programs.  The  data  collected  suggested 
that  programs  in  an  older  version  of  the  software  contain  more 
complex  subcomponents  than  those  in  the  newer  version. 


A  controlled  experiment  was  performed  to  compare  the  tech¬ 
niques  of  functional  testing,  structural  testing,  and 
code/reading  inspection.  Thirty  subjects,  from  the  upper  level 
"Software  Design  and  Development"  course  at  the  University  of 
Maryland,  applied  each  of  the  three  different  methods  to  three 
different  programs  with  "seeded"  errors  (in  a  Latin  Square  exper¬ 
imental  design).  The  results  are  being  used  to  contrast  the 
methodologies  with  regard  to  mean  number  of  errors  found,  cost- 
effectiveness  (in  terms  of  number  of  errors  found  per  unit  of 
effort),  classes  of  errors  char acter i s ticly  uncovered  and  errors 
that  were  observable  but  not  reported.  The  examination  extends 
previous  work  [Myers  78,  Hwang  81]  by  incorporating  different 
testing  techniques  and  a  greater  number  of  programs,  while  adding 
statistical  significance  to  the  conclusions. 


Two  of  the  above  testing  strategies  are  integrated  in  the 
"Clean-Room"  software  development  approach  [Dyer  82],  and  a 
second  investigation  was  executed  to  analyze  and  evaluate  this 
methodology.  Motivated  by  the  desire  to  produce  more  reliable 
software,  the  approach  completely  separates  the  development  pro¬ 
cess  from  the  testing  process.  The  developers  apply  the  tech¬ 
niques  of  code/reading  inspections  and  structured  walk-throughs 
to  source  code  before  submitting  it  for  on-line  testing.  An 
independent  group  then  functionally  tests  the  delivery  from  a 
statistically  selected  set  of  test  data.  This  iterative  develop¬ 
ment  process  was  utilized  in  ten  three-person  team  projects.  The 
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increment  for  use  in  Mean-Time-Between-Failure  and  other  relia¬ 
bility  models. 

A  case  study  [McMullin  and  Gannon  83]  was  performed  in  which 
we  specified,  implemented,  and  validated  a  record-oriented  text 
editor  similar  to  one  discussed  in  [Kernighan  and  Plauger  81] 
using  the  DAISTS  system.  Algebraic  axioms  served  as  the  specifi¬ 
cation  notation;  and  the  implementation  was  tested  with  a 
compiler-based  system  that  uses  the  axioms  to  test  implementa¬ 
tions  with  a  finite  collection  of  test  cases.  Formal  specifica¬ 
tions  were  sometimes  difficult  to  produce,  but  helped  reveal 
errors  during  unit  testing.  Thorough  exercising  of  the  implemen¬ 
tations  by  the  specifications  resulted  in  only  two  errors  per¬ 
sisting  until  integration. 


We  have  begun  distributing  DAISTS;  the  system  is  instal 
on  the  University  of  Illinois  and  Melbourne  VAX  systems,  and 
been  provided  to  the  Universities  of  Iowa  and  Sydney.  It 
used  in  courses  at  Melbourne  as  the  basis  for  some  student  p 
Jects.  A  description  of  the  implementation  appeared  in  [McMul 
et  al.  82]. 


led 

has 

was 

ro- 

lin 


2.2.  Step-wise  Testing 


The 

problem  of  t 

estin 

modu 

les , 

particularly 

when 

proc 

essed 

concurrently , 

is  a 

are 

two 

difficulties : 

the 

complex  that  the  test  re 

suits 

in 

the 

early,  buggy 

stage 

partially 

completed  soft 

ware . 

testing  i 

3  suggested  to 

handl 

g  software  that 
these  components 
difficult  and  imp 
complete  execut 
cannot  be  unders 
s);  it  would  be  a 
A  process  of  it 
e  both  difficult! 


is 

di 

vide 

d 

in 

to 

are 

int 

ende 

d 

to 

be 

rtant  one. 

The 

re 

on 

patt 

erns 

a 

re 

so 

ood 

(P 

arti 

cu 

lar 

iy 

van 

tage 

ous 

to 

te 

st 

erated,  incremental 
es  [Hamlet  82/16]. 


£•2*  Testing  of  Concurrent  Specifications 

The  difficulty  of  testing  concurrent  software  lies  in  con¬ 
trolling  the  nondeterminism  of  the  possible  interleaving  of 
parallel  execution  histories.  A  simple  finite-state  model  is 
useful  in  describing  the  difficulties  encountered.  Two  specifi¬ 
cation  languages  now  under  development  (PAISLey,  Bell  Labora¬ 
tories;  Gist,  USC/ISI)  are  "executable,"  but  do  not  pay  much 
attention  to  the  question  of  multiple  sequencing  possibilities. 

These  languages  are  described  from  the  testing  viewpoint,  and  a 
critique  presented  of  the  software  development  methodology  based 
on  each.  Although  not  intended  to  specify  concurrent  programs, 
the  PROLOG  language  has  some  unusual  and  revealing  test  proper-  □ 

ties,  which  illuminate  problems  in  the  more  practical  languages  □ 

[Hamlet  82/13].  — 
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A  paper  summarizes  and  evaluates  the  three  themes  in  testing 
theory  today,  which  arise  from  logic  (proving-based  theory), 
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practice  (tool-based  theory),  and  probability  (random  testing 
theory)  [Hamlet  82/15]. 

3,.  Theoretical  Issues  in  Software  Engineering 

As  a  part  of  a  conference  in  Brisbane,  Queensland,  Dr.  Ham¬ 
let  was  invited  to  prepare  a  series  of  lectures  on  current 
software-engineering  work  of  interest  to  theoreticians.  The  pri¬ 
mary  topics  are  the  formalization  of  specifications,  and  the 
foundations  of  testing  theory  [Hamlet  82/8]. 

ii*  Debugging  with  Slices 

When  debugging,  it  is  common  for  a  programmer  to  know  that 
the  value  of  some  variable  at  a  given  line  is  wrong.  The  portion 
of  a  program  containing  only  and  all  information  relevant  to  a 
variable's  value  at  a  given  line  is  called  a  slice .  Informally, 
a  slice  may  be  defined  for  a  statement  n  and  a  set  of  variables 
V,  to  be  those  statements  relevant  to  the  computation  of  V  just 
before  the  execution  of  statement  n. 

We  have  developed  an  interactive  tool  on  the  VAX  11/780  that 
computes  slices  of  programs.  Our  tool  run3  on  a  modified  version 
of  the  csh  called  wsh  (window  shell). 


The  window  shell  is  a  modified  version  of  the  Berkeley  Unix 
csh  that  allows  a  user  to  create  multiple  virtual  terminals  on 
his  terminal  screen.  Each  virtual  terminal  appears  as  a  bordered 
window  that  can  be  used  to  invoke  programs  within  the  window. 
The  user  can  create  new  windows,  connect  the  keyboard  to  any  win¬ 
dow,  destroy  windows,  move  a  window  to  a  new  location,  hide  (make 
invisible),  unhide  and  uncover  a  window.  A  window  may  cover 
(partially  or  completely)  another  overlapping  window  on  the 
screen.  A  program  running  in  a  window  may  also  create  windows 
and  do  any  window  function  the  user  could  do. 

We  have  developed  an  interactive  debugging  tool  based  on 
slicing  and  data  flow  information.  The  user  is  presented  with  a 
menu  of  operations  to  select  from.  He  may  elect  to  display  the 
program  and  highlight  lines  where  a  given  variable  is  assigned, 
referenced  or  appears;  slice  on  a  variable  at  some  statement  and 
highlight  the  slice;  or  create  a  file  containing  just  the  state¬ 
ments  of  a  slice.  He  may  al3o  see  a  summary  of  data  flow  infor¬ 
mation  about  the  program  or  invoke  other  programs  to  run  in  a 
window.  The  tool  is  friendly  to  the  user  and  can  explain  any  of 
its  functions. 

5.  PLACES 

Research  on  the  design  and  evaluation  of  data  abstraction 
features  continued  with  the  evaluation  of  those  features  in  the 
PL/I  system  -  PLACES,  previously  developed  under  this  grant.  An 
evaluation  of  abstract  data  types  was  performed  by  two 
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programming  classes  at  the  University  of  Maryland  -  on 
features  and  the  other  using  standard  PL/I.  The  resu 
study  were  previously  reported  to  AFOSR  [Zelkowitz  82b 
summarized  here: 

(1)  The  cost  of  implementing  abstract  data  types 
language  that  includes  structures  or  records 
variables  (e.g.,  PL/I)  is  relatively  low  and  cost 


e  using  the 
Its  of  this 
]  and  are 


within  a 
and  pointer 
effective . 


(2)  There  was  some  run-time  overhead  in  using  abstractions.  Pro¬ 
grammers,  using  good  design  techniques  developed  more 
modules  than  in  the  standard  PL/I  group.  However,  many  of 
the  modules  were  of  a  trivial  (e.g.,  one  line  of  code)  type, 
and  inline  expansion  of  these  procedures  eliminated  most  of 
the  increased  overhead. 


(3)  Programmers  seemed  to  have  little  trouble  adapting  to  the 
data  abstraction  discipline.  Using  two  measures  of  program 
complexity  -  length  and  cyclomatic  complexity  -  programs 
using  abstractions  were  less  complex. 

In  summary,  abstract  data  types  seem  effective  in  practice, 
and  if  taught  correctly,  should  be  effective  in  producing  good 
programs  in  a  language  like  Ada. 

6 .  Programming  Environments 

With  the  advent  of  the  megabyte  workstation  with  multimega¬ 
byte  disk  for  a  relatively  low  cost  of  $10,000  to  $20,000,  the 
means  co  develop  programs  will  change  in  the  future.  Powerful 
single-U3er  workstations  can  be  used  to  build  and  develop  pro¬ 
grams.  An  initial  design  of  an  integrated  environment  was  started 
during  this  year  [Zelkowitz  82a]. 

The  basic  idea  is  to  use  a  structured  editor  that  knows  the 
details  of  the  individual  language.  Such  an  editor,  BABLE,  is  now 
being  designed.  Some  of  the  important  issues  that  are  being  con¬ 
sidered  are: 


(1) 


(2) 


The  editor  will  work  with  an  exte 
Thus  several  source  languages  ca 
Pascal  is  the  target  language,  but 
later . 

A  major  issue  is  the  management  of 
program.  Typically  a  user  has  from 
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(3)  The  integration  of  all  phases  of  the  life  cycle  is  important 
for  managing  development.  The  use  of  a  program  design 
language  is  being  developed,  and  its  integration  into  code 
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production  is  being  studied. 

7.  Concurrent ,  Distributed  Systems 

A  software  specification  technique  suitable  for  concurrent, 
distributed  systems  has  been  developed.  The  technique  combines 
an  abstract,  nonprocedural  specification  language  with  a  formal 
proof  system  for  a  programming  language.  The  complete  specifica¬ 
tion  of  a  program  is  a  set  of  hierarchically  structured  module 
specifications.  Module  external  specifications  are  abstract. 
Module  internal  specifications  are  descriptions  of  hidden  imple¬ 
mentations,  either  in  terms  of  submodules  or  actual  code. 
Defined  verification  procedures  establish  that  the  external 
specification  of  a  module  is  an  accurate  characterization  of  its 
internal  implementation.  [Reed  and  Yeh  83] 

Several  concurrent  programming  languages  have  been  studied 
to  determine  their  suitability  to  real-time  programming.  It  ha3 
been  determined  that  a  completely  new  programming  language  is  not 
necessary  to  meet  these  requirements.  We  are  now  in  the  process 
of  selecting  a  subset  of  Ada  with  a  few  modifications  borrowed 
from  Modula-2.  This  language  will  be  incorporated  into  a  set  of 
abstraction-based  design  and  debugging  tools.  These  tools  will 
primarily  be  concerned  with  the  problem  of  meeting  timing  dead¬ 
lines  . 


8.  Graphical 


and  Documentation 


We  have  implemented  an  interactive  system  for  graphical 
design  and  documentation  [ Roussopoulos  and  Kelly].  The  system  is 
supported  by  a  database  that  has  very  general  graphical  represen¬ 
tations  of  hierarchical  nature  and  annotations  for  documentation 
purposes.  Through  a  friendly  user  interface,  the  user  specifies 
the  systems  requirements,  he  annotates  them  and  proceeds  to  the 
design.  The  design  is  specified  and  annotated  through  the  same 
interface.  During  these  interactions  with  the  user,  a  database 
i3  constructed  which  contains  the  requirements  and  design  specif¬ 
ications  along  with  their  documentation. 


The  graphical  representations  and  their  underlying  logical 
constructs  facilitate  both  the  definition  of  the  functional  and 
operational  characteristics  of  the  software  as  they  are  perceived 
by  the  end  user  (requirement  specifications)  and  the  design  pro¬ 
perties  of  the  software  as  specified  by  the  analysts.  The  system 
supports  the  logical  constructions  required  for  most  structural, 
control  flow  and  data  flow  modeling  primitives  such  as  closed 
objects  of  various  shapes  and  sizes,  connectors,  and  annotations. 
Closed  objects  can  be  opened  up  and  further  specified  and/or 
examined  at  a  more  detailed  level.  The  database  is  designed  in 
such  a  way  that  it  can  support  this  hierarchical  decomposition 
and  a  zoom-in/out  accessing  facility. 
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The  system  is  running  on  a  VAX  11/780  under  UNIX.  Interac¬ 
tion  with  the  system  is  currently  available  only  through  Tek¬ 
tronix  4020  series  terminals,  but  drawing  functions  are  performed 
in  4010  mode.  Hard  copies  are  generated  by  a  Tektronix  photos¬ 
tatic  device. 
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